Highlights from the AICPA Employee Benefit Plans Conference

Staying on top of the latest accounting and auditing trends that affect employee benefit plans is important to our ERISA services team to better serve Plan Sponsors.. Several BDO representatives recently attended the American Institute of Certified Public Accountants (AICPA) Employee Benefit Plans Conference in New Orleans, where they learned from regulators, and service providers about the top accounting and auditing developments affecting employee benefit plans today.
 
The three-day conference covered a range of topics, from regulatory updates to plan design trends. Here are three areas that we identified as being the most relevant for plan sponsors as we enter into this filing season.

Cybersecurity

Plan sponsors and their auditors should be paying attention to cybersecurity risks that specifically affect an organization’s benefits plans. In addition to holding assets, these plans also contain massive amounts of sensitive information including names, Social Security numbers and addresses that could be easy for hackers to steal if appropriate protocols are not in place.
 
While there are several types of cybersecurity threats, phishing techniques were a top conversation at the conference. This hacking method involves stealing login credentials and passwords through a phony email. It is usually posed as being sent from one executive to another, asking for sensitive employee data. Also, the email may look like it came from an outside provider—like a record keeper—to get the valuable information.
 
Speakers on the topic stressed that organizations need to have a cybersecurity strategy that is specific to the company’s benefit plans. Often, companies have cybersecurity protocols for the overall organization but don’t consider the needs of such protocols for their benefit plans.
 
In addition, it is important to remember that even though service providers may claim they have cybersecurity controls and are fiduciaries to the plan, it is the plan sponsor’s ultimate fiduciary responsibility to make sure data is safe. The AICPA hosts a Cybersecurity Resource Center to help companies learn how to set standards and best protect their sensitive information.
 
Cybersecurity attacks can carry hefty penalties and consequences, including time, investigative costs and potential fiduciary breaches. In addition to establishing protocols for reducing the risk of a cyberattack, plan sponsors also need to establish plans for how they will respond if a breach occurs. Having a plan in place may not prevent a cyberattack, but it will allow for centralized control and a set path of correction that is tailored to the organization’s benefits plans.

EBSA Enforcement of Benefit Plans 

The Department of Labor’s Employee Benefits Security Administration (EBSA) recently released its enforcement statistics for 2018, reporting that it recovered $1.6 billion for direct payments to plans, participants and beneficiaries—a $500 million increase from 2017. Breaking this total down, monetary recoveries were $1.1 billion from enforcement actions, $443.2 million from the informal complaint resolution program, $33.4 million from the abandoned plan program and $10.8 million from the voluntary fiduciary correction program.
 
This means that the EBSA’s enforcement arm remains extremely active and that plan sponsors need to pay attention to their fiduciary responsibilities. In particular, the Terminated Vested Participant Project (TVPP) continues to be a significant project for the agency, which helped recover nearly $808 million owed to defined benefit plan participants. In 2017, only $327 million was recovered through this program. The TVPP investigates whether plan sponsors have sufficiently searched for missing participants.

Recent IRS Revenue Procedures

Experts at the conference also covered two new Internal Revenue Service (IRS) revenue procedures. The first involves the Employee Plans Compliance Resolution System (EPCRS); and the second discusses changes for the IRS determination letter program for certain individually designed plans.
 
Rev. Proc. 2019-19 offers three correction programs. The new tweaks to the rule, which became effective April 19, 2019, eases certain correction processes:

• Internal Revenue Code (IRC) 401(a) plans can now self-correct specific failures under certain circumstances.

• Plan sponsors can adopt a retroactive plan amendment under the voluntary correction program (VCP) if certain conditions are met.

• Plan sponsors can self-correct specific loan failures after satisfying particular conditions under the rule.

• Plan sponsors can self-correct failures to get spousal approval to distributions through a retroactive consent.

 
Rev. Proc. 2019-20 provides a limited expansion of the determination letter program for individually designed statutory hybrid plans like cash balance and pension equity plans, as well as merged plans.

• Hybrid plans: Plan sponsors can submit determination letter applications beginning Sept. 1, 2019, and ending Aug. 31, 2020. Now, plan sponsors can ask the IRS to review the plan to make sure it complies with federal regulations. Plan sponsors may be able to correct failures without having to pay a penalty.

• Merged plans: Plan sponsors can submit determination letter applications on an ongoing basis. To qualify, plans need to have been merged no later than the last day of the first plan year that begins after the plan year that includes the date of the company merger. The merged plan determination letter application needs to be submitted no later than the last day of the first plan year of the new plan that starts after the date of the plan merger.

BDO Insight: Stay on Top of Industry Trends

In addition to the topics described above, another high-priority item covered at this year’s AICPA Employee Benefit Plans Conference was the new employee benefit plan (EBP) auditing standard that was voted as a final standard in July 2018.
 
The new standard addresses the auditor's responsibilities for forming an opinion and reporting on ERISA plan financial statements. The new standard also addresses the form and content of the auditor’s report issued as a result of an audit of ERISA plan financial statements, including changes to the form and content of the auditor’s report when management elects to have an ERISA section 103(a)(3)(C) audit performed.
 
The new standard is effective for audits of financial statements for periods ending on or after December 15, 2020.
 
As we approach the upcoming filing season, we wanted to share the above topics to help you better understand the impact to your benefit plans. If you have any questions about any of these topics, your BDO representative is available to help explain the details.